1 CLAIMS 

2 1. An authentication engine architecture for a SHA-1 multi-round authentication 

3 algorithm, comprising: 

4 a hash engine configured to implement hash round logic for an SHA1 

5 authentication algorithm, said hash round logic implementation including, 

6 a combined adder tree with a timing critical path having a single 32-bit 

7 carry look-ahead adder (CLA). 

8 2. The authentication engine architecture of claim 1, wherein said hash round 

9 logic implementation has a timing critical path equivalent to one of: 

10 one 5-bit addition, one 32-bit CSA, a multiplexer operation, and one 

If 11 32-bit CLA; and 

12 three 32-bit CSAs, a multiplexer operation, and one 32-bit CLA. 

% 

O 13 3. The authentication engine architecture of claim 1, wherein the additions 

'% 14 performed by the combined adder tree are preceded by a 5 -bit circular shifter. 

s 

O 15 4. The authentication engine architecture of claim 3, wherein combined adder 

fl 16 tree includes add5tol and add4tol adders. 

q 17 5. The authentication engine architecture of claim 1, wherein the combined adder 

ft! 18 tree is configured such that addition computations are conducted in parallel with 

19 round operations. 

20 6. The authentication engine architecture of claim 1, wherein the architecture is 

21 implemented as an authentication engine architecture for a multi-loop, SHA-1 

22 authentication algorithm, comprising: 

23 a first instantiation of an SHA-1 authentication algorithm hash round logic in 

24 an inner hash engine; 

25 a second instantiation of an SHA-1 authentication algorithm hash round logic 

26 in an outer hash engine; 

27 a dual-frame payload data input buffer configured for loading one new data 

28 block while another data block one is being processed in the inner hash engine; 
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29 an initial hash state input buffer configuration for loading initial hash states to 

30 the inner and outer hash engines for concurrent inner hash and outer hash operations; 

31 and 

32 a dual-ported ROM configured for concurrent constant lookups for both inner 

33 and outer hash engines. 

34 7. The authentication engine architecture of claim 6, wherein the multi-loop, 

35 multi -round authentication algorithm is HMAC-SHA1 . 

36 8. The authentication engine architecture of claim 1, wherein said hash round 

37 logic is implemented such that eighty rounds of an SHA1 loop are collapsed into forty 

38 rounds. 

39 9. The authentication engine architecture of claim 1, wherein said hash engine is 

40 configured to implement hash round logic comprising: 

41 five hash state registers; 

42 one critical and four non-critical data paths associated with the five registers, 

43 such that in successive SHA1 rounds, registers having the critical path are alternative. 

44 10. A method of authenticating data transmitted over a computer network, 

45 comprising: 

46 receiving a data packet stream; 

47 splitting the packet data stream into fixed-size data blocks; and 

48 processing the fixed-size data blocks using an SHA-1 multi-round 

49 authentication engine architecture, said architecture implementing hash round logic 

50 for an SHA1 authentication algorithm including a combined adder tree with a timing 

51 critical path having a single 32-bit carry look- ahead adder (CLA). 

52 11. The method of claim 10, wherein the hash round logic implementation has a 

53 timing critical path equivalent to one of: 

54 one 5-bit addition, one 32-bit CSA, a multiplexer operation, and one 

55 32-bit CLA; and 

56 three 32-bit CSAs, a multiplexer operation, and one 32-bit CLA. 
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57 12. The method of claim 10 wherein additions performed by the combined adder 

58 tree are preceded by a 5-bit circular shifter. 

59 13. The method of claim 10, further comprising: 

60 providing five hash state registers; and 

61 providing data paths from said five state registers such that four of the five 

62 data paths from the registers in any SHA1 round are not timing critical. 

63 14. The method of claim 13, wherein, in successive SHA1 rounds, registers having 

64 the critical path are alternative. 

65 15. The method of claim 14, wherein eighty rounds of an SHA1 loop are collapsed 
ill 66 into forty rounds. 

j= 67 16. The method of claim 10, wherein addition computations are conducted in 

jjW 68 parallel with round operations. 

§1 

,fi 69 17. The method of claim 10, wherein said authentication engine is a multi-loop, 

s 70 multi-round authentication engine architecture having a hash engine core comprising 

O 

n 71 an inner hash engine and an outer hash engine, said architecture configured to, 

Q 

ffl 72 pipeline hash operations of said inner hash and outer hash engines, 

|y 73 collapse and rearrange multi-round logic to reduce rounds of hash 

74 operations, and 

75 implement multi-round logic such that addition computations are 

76 conducted in parallel with round operations. 

77 18. The method of claim 17, wherein the multi-loop, multi-round authentication 

78 algorithm is HMAC-SHA1 . 

79 19. The method of claim 18, wherein said pipelining comprises performance of an 

80 outer hash operation for one data payload in parallel with an inner hash operation of a 

81 second data payload in a packet stream fed to the authentication engine. 

82 20. The method of claim 19, wherein a dual-frame input buffer is used for the 

83 inner hash engine. 
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21. The method of claim 20, wherein initial hash states for the hash operations are 
double buffered for concurrent inner hash and outer hash operations. 

22. The method of claim 21, wherein concurrent constant lookups are performed 
from a dual-ported ROM by both inner and outer hash engines. 
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